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—15. A process for the remote authentication of a user (7) for local access to a local 
machine (4) of a network (5) having a remote server (3) managed by an administrator (8) and 
classification means (O) for classifying information, and means (9) for connecting the user (7) 
and the administrator (a) comprising 

• creating a challenge (D) capable of being transmitted by the communication means 
(9); 

• communicating this challenge (D) created to the administrator (8) together with 
elements known by\the user, via the communication means (9); 

performing a first predetermined calculation by means of the server (3) and obtaining 
a first response (RD)\that is a function of the challenge (D) and/or of predetermined 
data; 

• transmitting to the usefc (7) the first response (RD); 

• performing a second calculation by means of the local machine (4) and obtaining a 
second response (RD1) \hat is a function of the challenge (D) and/or of predetermined 
data; and 

• comparing the first respoilse (RD) transmitted by the administrator to the second 
response (RD1) calculated py the local machine (4) so as to authenticate the user and 
locally authorize connectioi\ of the user (7) to the local machine (4) based on the 
result of the comparison. 



1 16. A process according to\claim 15, characterized in that the calculation 

2 performed by the server (3) consists o ft modifying, in accordance with a given algorithm, the 

3 challenge (D) and/or at least one of the following pieces of data: 

4 a.) at least one piece of informarjon issued by the classification means and known by 

5 the user, 

6 b.) at least one secret shared betwfeen the server (3) and the local machine (4), 

7 c.) at least one element communicated by the user. 



1 1 7. A process according to claim\l 5, characterized in that the calculation 

2 performed by the local machine (4) consists of modifying, in accordance with a given 

3 algorithm, the challenge (D) and/or at least one of the following pieces of data: 

4 a.) at least one secret shared between me server (3) and the local machine (4), 
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b.) at least one element communicated by the user. 



1 18. A proce& according to claim 16, characterized in that the calculation 

2 performed by the local machine (4) consists of modifying, in accordance with a given 

3 algorithm, the challenge ^D) and/or at least one of the following pieces of data: 

4 a.) at least one secret shared between the server (3) and the local machine (4), 

5 b.) at least one element communicated by the user. 

1 19. A process accbrding to claim 16, characterized in that said at least one shared 

2 secret is entered into the server (3) and transmitted to the local machine (4) during a 
successful network authentication. 

1 20. A process according to claim 17, characterized in that said at least one shared 

2 secret is entered into the server fl3) and transmitted to the local machine (4) during a 

3 successful network authentication 

1 21. A process according to claim 18, characterized in that said at least one shared 

2 secret is entered into the server (3)\and transmitted to the local machine (4) during a 

3 successful network authentication. 

1 22. A process according to claim 16, characterized in that said at least one shared 

2 secret or secrets, as the case may be,lare modified by means of a modification key (C) that 

3 depends on the local machine (4), prior to being modified by the algorithm. 



1 23. A process according toiclaim 22, characterized in that the modification key 

2 (C) consists of concatenating the secret or a combination of secrets existing in the form of a 

3 byte string called a Master Station Secret and of hashing the byte string obtained through 

4 concatenation by means of a calculationlalgorithm, to obtain a byte string called a Station 

5 Secret. 
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24. A process according to claim 16, characterized in that said at least one shared 
secret or secrets, as the ctase may be, are accompanied by a version number that is 
incremented each time tne secret is modified. 

25. A process according to claim 17, characterized in that said at least one shared 
secret or secrets, as the case may be, are accompanied by a version number that is 
incremented each time thelsecret is modified. 



26. A process ac 
secret or secrets, as the case 
incremented each time the 



ording to claim 18, characterized in that said at least one shared 
may be, are accompanied by a version number that is 
secret is modified. 



27. A process accprding to claim 1 5, characterized in that the challenge is 
constituted by a byte string. 

28. A process according to claim 16, characterized in that the challenge is 
constituted by a byte string. 

29. A process according to claim 24, characterized in that the challenge is 
composed of: 

• a first byte representing tfee type of challenge, the type of challenge indicating 
whether a network authentication has been performed; 

• second and third bytes representing the version number of the shared information; and 
random alphanumeric characters of the fourth to twelfth bytes. 



30. A process according\to claim 27, characterized in that the challenge is 
composed of: 

• a first byte representing the tipe of challenge, the type of challenge indicating 
whether a network authentication has been performed; 

• second and third bytes representing the version number of the shared information; and 

• random alphanumeric characters of the fourth to twelfth bytes. 




I T2 147-906343-US3780/PB 

1 24. A process according to claim 16, characterized in that said at least one shared 

2 secret or secrets, as the case may be, are accompanied by a version number that is 

3 incremented each time the secret is modified. 

1 25. A process according to claim 17, characterized in that said at least one shared 

2 secret or secrets, as the case may be, are accompanied by a version number that is 

3 incremented each time the secret is modified. 

1 26. A process according to claim 18, characterized in that said at least one shared 

2 secret or secrets, as the case may be, are accompanied by a version number that is 

3 incremented each time the sedret is modified. 

1 27. A process according to claim 1 5, characterized in that the challenge is 

2 constituted by a byte string. I 

1 28. A process according to claim 16, characterized in that the challenge is 

2 constituted by a byte string. 1 

1 29. A process according to claim 24, characterized in that the challenge is 

2 composed of: I 

3 • a first byte representing the type of challenge, the type of challenge indicating 

4 whether a network authentication has been performed; 

5 • second and third bytes representing the version number of the shared information; and 

6 • random alphanumeric characters of the fourth to twelfth bytes. 

1 30. A process according io claim 27, characterized in that the challenge is 

2 composed of: \ 

3 • a first byte representing the type of challenge, the type of challenge indicating 

4 whether a network authentication has been performed; 

5 • second and third bytes representing the version number of the shared information; and 

6 • random alphanumeric characters of the fourth to twelfth bytes. 
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1 3 1 . A process according to claim 23, characterized in that the response (RD; RD1) 

2 is calculated by hashing, imaccordance with a calculation algorithm, a character string 

3 composed of the concatenation in a predetermined order of the challenge, the character string 

4 resulting from the transformation by a calculation algorithm of the user's password, the 

1 ^ A / 

5 Station Secret and the user's name. 1 ^ 

1 32. A process according to claim 15, characterized in that the response (RD; RD1) 

2 is calculated by hashing, in accordance with a calculation algorithm, a character string 

3 composed of the concatenation in a predetermined order of the challenge, a fixed security key 

4 CC stored in the local machine\(4) and in the server (3), the name of the local machine (4), 

5 the character string resulting from the transformation by a calculation algorithm of the user's 

6 password and user name. 1 

1 33. A process according to claim 1 5, characterized in that the local connection 

2 authorized is temporary, the authorized duration being configurable. 

1 34. A process according to claim 1 5, characterized in that it consists of locally 

2 authenticating the user (7) after a disconnection by the user (7) authenticated remotely. 

1 35. A system for the remote authentication of a local user (7) for local access to a 

2 local machine of a network (5) having a remote server (3) managed by an administrator (8) 

3 and containing means (6) for classifying information, comprising communication means (9) 

4 for connecting the user (7) with the administrator (8), each local machine (4) comprising a 

5 user authentication module (10) thatuncludes a first user module for generating a challenge 

6 (11) and a second user module for calculating a response to the challenge, and the remote 

7 server (3) comprising an administratis authentication module (13) for authorizing access by 

8 the user to the local machine based on the response generated.--. 
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